Email not included in idToken with scope user_

Hi. I am having a problem when using oauth authorization. I need the email so I included the scope user:read:email but in the idToken that I receive there is no email whatsoever.

This is the URL (I omit sensitive data)
https://id.twitch.tv/oauth2/authorize?client_id=__&response_type=code&scope=openid+user%3Aread%3Aemail&nonce=___&display=page&redirect_uri=https___

I get this response when I call the token url

{"access_token":"","expires_in":15288,"id_token":"ey—","refresh_token":"","scope":["openid","user:read:email"],"token_type":"bearer"}

And the IdToken does not contain any email data. Only the preferred_username field is present.

This is correct

Token response only contains the token data

There are no claims in your entry point so default claims occurred.

You either need to:

  • adjust/add claims to entry to request the needed data for your JWT, depending on which side you want to return the data
  • call the userinfo_endpoint endpoint as per OIDC RFC
  • use the access token against the helix users endpoint

Oh, I see. So in the authorize url I would have to modify the URL to include the query parameter with this json string-encoded?

{
  "id_token": {
    "email": null,
    "email_verified": null
  }
}

I tend to roll with

and call userinfo.

But you can use id_token instead, or both

With just email/email_verif it might drop preferred_username, so being specific is useful


Thanks. I will try it!

This worked. However, this was needed in order for it to appear in the idtoken:

{
  "id_token": {
    "email": null,
    "email_verified": null,
    "preferred_username": null
  }
}

Yeah, that's what I mean by:

You can define claims to provide the requested data in the JWT (id_token) or on userinfo endpoint with userinfo or both.
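Putting the thread's fix together as an added example (not code from the original posts or from Twitch): it builds the authorize URL with the `claims` parameter requesting `email`, `email_verified` and `preferred_username` in the id_token, then reports which requested claims are missing from a decoded id_token payload. The client id, redirect URI, nonce, state and the sample tokens are constructed placeholders, and the decode step assumes the JWT signature has already been verified against the issuer's published keys.

```python
import base64
import json
from urllib.parse import parse_qs, urlencode, urlparse

AUTHORIZE_URL = "https://id.twitch.tv/oauth2/authorize"

# Claims request from the thread. Asking only for email/email_verified can
# drop preferred_username from the id_token, so it is listed explicitly.
ID_TOKEN_CLAIMS = {
    "id_token": {"email": None, "email_verified": None, "preferred_username": None}
}


def build_authorize_url(client_id, redirect_uri, nonce, state, claims=ID_TOKEN_CLAIMS):
    """Authorize URL with openid + user:read:email scopes and a JSON claims parameter."""
    params = {
        "client_id": client_id,
        "response_type": "code",
        "scope": "openid user:read:email",
        "redirect_uri": redirect_uri,
        "nonce": nonce,  # bind the id_token to this login attempt
        "state": state,  # CSRF protection for the redirect back
        "claims": json.dumps(claims, separators=(",", ":")),
    }
    return AUTHORIZE_URL + "?" + urlencode(params)


def claims_param_from_url(url):
    """Decode the claims parameter back into a dict (used to check the URL is well formed)."""
    return json.loads(parse_qs(urlparse(url).query)["claims"][0])


def _b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def missing_id_token_claims(id_token, expected=("email", "email_verified", "preferred_username")):
    """Requested claims absent from the JWT payload. Decodes only: verify the
    signature, issuer, audience and nonce before trusting any claim."""
    payload = json.loads(_b64url_decode(id_token.split(".")[1]))
    return [claim for claim in expected if claim not in payload]


def make_sample_jwt(payload):
    """Constructed test token with a dummy signature; not a real Twitch id_token."""
    enc = lambda raw: base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = enc(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    return f"{header}.{enc(json.dumps(payload).encode())}.{enc(b'dummy-signature')}"
```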
